Leaking private sensitive celebrity content sure drives the hackers, but not as much as hacking banking websites and now banking apps on android too!
Appvigil, a flagship of Wegilant, in their report have found that 70% of the Top 100 mobile banking apps on Android OS are vulnerable to security threats and data leaks! Pop your panic pills!
We are talking about how safe is smartphone banking actually is. Given the ever rising smartphone user population, banks are but forced to float their apps on Google Play vowing to making money management a child’s play. In a leading Axis Bank commercial, Deepika says, “Bank jaane ke liye, Bank jaane ki kya zaroorat hain” pointing at her Axis bank app.
From checking your bank balance to leaving standing orders, contacting customer care to making 6 digit transfers in seconds, it’s all bundled up in the app. Guess that’s what lures the hackers, kyunki app mein saara bank hain!
So lets count the threats the banking apps are vulnerable to,
- Data leakage and hacking financial information
- Password stealing
- Internet spoofing (attack where a malicious application induces undesired behavior by forging an intent.)
Appvigil examined all the banking apps for major security checks through dynamic and static procedures. The completely automated security analysis performed by Appvigil on all the Top 100 bank apps has raised these security threats
- Security loopholes present themselves even in premium banking apps
- The most basic security checks were non-existent in most bank apps
- The communication between the server and the app is still in unencrypted form (ie HTTP instead of HTTPS)
- Delay or pre mature time outs in transaction processing were some of the easy give aways to the hackers
- Data theft by redirecting was another issue
- Planting of malicious bugs in the app (hence clear your phone junk every other day)
- Malicious Java injection, SQL injection etc rampant on these apps
Here are the number of vulnerabilities found by AppVigil
A good 49% of the crowd hence have stopped using these apps inspite of the convenience offered fearing security concerns. Though the banks send us OTPs (One time passwords), confirmation emails, reassurance codes, one cannot but wonder how the hackers can outwit the existing security system.
One can be sure, the more easier and convenient the banking app is, the more security issues the user might have to face. Though the report does not pin point the particular banks lacking security concerns, the Indian Overseas Bank mobile app hit the headlines for the inadequate security deficits. And yes!, the bank did assure IOB users that none of the allegations were true and so did Appvigil.
IOB claimed that these allegations by Appvigil are false and the referred app is not IOB’s mobile app. After clarifying the matter, Appvigil put out another blog post correcting their mistake. “We are writing to apologize for all the harm that this report has caused to Indian Overseas Bank (IOB). Moreover, we would like to mention that the app we used is not the official net banking app of Indian Overseas Bank. It was just an informational app which has listed the publicly available information about IOB like branches, etc. We would like to assure IOB users that the said vulnerability was not found in the net banking app of IOB and that they are safe. We would also take extra care that such mistake is not repeated in future and only the general statistics are shared,” Appvigil said.
Every day, major banks are coming up with services we probably wouldn’t have imagined, it’s also imperative they come up with ways to secure the financial data. This not only does affect the reputation of the bank, but also when it comes to managing money, convenience is always second to safety.
You can check entire report on https://appvigil.co
